Over two years on from the initial outbreak, WannaCry ransomware is still infecting victims – and some people are still paying the ransom in a futile effort to retrieve their encrypted data.
In May 2017, WannaCry ransomware spread quickly around the world, encrypting networks and taking down services. High-profile targets included the UK’s National Health Service (NHS) and FedEx.
WannaCryFake demands Bitcoin ransoms
The latest iteration of the ransomware circulates under the WannaCryFake name and typically demands that victims pay a ransom in Bitcoin in order to get their data safely decrypted.
Even when WannaCry first hit, paying the ransom didn’t solve anything, and instances of hackers simply disappearing after they receive payment appear to be increasing.
Now, however, there is a free tool that can help victims retrieve their data.
Cybersecurity firm Emsisoft has released a solution for WannaCryFake, a ransomware strain that demands payment in Bitcoin (BTC).
According to Emsisoft’s security researchers, WannaCryFake is a modification of the infamous WannaCry ransomware that began spreading around the world back in 2017, infecting big corporations including hospitals, banks, and telecom companies.
WannaCryFake uses AES-256 to encrypt a victim’s files and leaves a note warning that any decryption attempts with third-party software will irrevocably destroy their data.
Right after the attack, victims are instructed to contact the ransomware distributors through ProtonMail or Telegram, and are then provided with steps on how to send Bitcoin through Pidgin.
Free tool to fight ransomware
Researchers explicitly state that anyone who falls victim to WannaCry shouldn’t pay the ransom, because the attackers don’t monitor the wallet and won’t provide a key in return.
Furthermore, law enforcement and cybersecurity companies recommend that users don’t pay ransoms in general, because doing so funds cyber-criminal activity.
Emsisoft makes a similar recommendation and notes that with its free decryption tool, victims can recover their files without causing permanent data loss.
According to the development team, the data recovery process is actually pretty simple. Once the malware is removed from the system, the user should download Emsisoft’s decryptor.
Simply run the decryptor and ensure the hard drives/storage devices that have been encrypted are selected.
While decryption tools can help you recover lost files, they don’t work all the time, and sometimes victims just end up paying the hackers despite all of the recommendations to the contrary.
However, Emsisoft states that all WannaCryFake encryption cases to date have been successfully resolved.
Bitcoin abused for ransomware
Emsisoft, along with a host of other security organizations, is part of the “No More Ransom” project, a collaboration between law enforcement agencies and cybersecurity firms to help victims hit back at ransomware.
Unfortunately, Bitcoin-ransoming malware is quite prevalent. Recently, City Hall systems in Riviera Beach, Florida, were breached, forcing the institutions to cave in to the attackers’ demands and pay a $600,000 Bitcoin ransom.
At the start of 2019, a squad of cybersecurity firms also identified a ransomware threat spreading across the internet known as Ryuk, which had collected over 705 BTC in just five months.
Fortunately, as the spread of ransomware continues to increase, so too does the availability of tools to combat it.
In addition to Emsisoft’s WannaCryFake decryptor, there are other free tools and services available as well.
Users of the services are asked to upload a sample of an encrypted file for analysis. If the analysis determines that it belongs to a ransomware family that has already been cracked, they will be able to download a decryption solution and unlock their systems at no cost.